CVE-2025-21591 (GCVE-0-2025-21591)

Vulnerability from cvelistv5 – Published: 2025-04-09 19:46 – Updated: 2025-04-28 16:21
VLAI?
Summary
A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition. Continuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition. This issue affects Junos OS: * from 23.1 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R2. This issue isn't applicable to any versions of Junos OS before 23.1R1. This issue doesn't affect vSRX Series which doesn't support DHCP Snooping. This issue doesn't affect Junos OS Evolved. There are no indicators of compromise for this issue.
Severity ?
7.4 (High)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.1 (High)
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/V:C/RE:M/U:Green
CWE
  • CWE-805 - Buffer Access with Incorrect Length Value
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 23.1 , < 23.2R2-S3 (semver)
Affected: 23.4 , < 23.4R2-S3 (semver)
Affected: 24.2 , < 24.2R2 (semver)
Unaffected: 0 , ≤ 23.1R1 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21591",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-10T13:17:33.869610Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-10T13:17:41.109Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "dhcp"
          ],
          "packageName": "jdhcpd",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "23.2R2-S3",
              "status": "affected",
              "version": "23.1",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S3",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "23.1R1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The required minimal configuration is DHCP is configured with DHCP snooping enabled with\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003ethe mine-dhcp-client-options and/or mine-dhcpv6-client-options.\u003c/span\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp; [ vlans \u0026lt;vlan-name\u0026gt; forwarding-options dhcp-security \u003c/span\u003emine-dhcp-client-options ]\u003cbr\u003e\u0026nbsp; [ mine-dhcpv6-client-options ]\u003cbr\u003e\u003c/p\u003e\u003cp\u003ePlease note: It is atypical to use the above configuration with a DHCP server on the same device.\u003c/p\u003e"
            }
          ],
          "value": "The required minimal configuration is DHCP is configured with DHCP snooping enabled with\u00a0the mine-dhcp-client-options and/or mine-dhcpv6-client-options.\u00a0 [ vlans \u003cvlan-name\u003e forwarding-options dhcp-security mine-dhcp-client-options ]\n\u00a0 [ mine-dhcpv6-client-options ]\n\n\nPlease note: It is atypical to use the above configuration with a DHCP server on the same device."
        }
      ],
      "datePublic": "2025-04-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eContinuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 23.1 before 23.2R2-S3,\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S3,\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2.\u003c/li\u003e\u003c/ul\u003eThis issue isn\u0027t applicable to any versions of Junos OS before 23.1R1. \u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003eThis issue doesn\u0027t affect vSRX Series which doesn\u0027t support DHCP Snooping. \u003cbr\u003e\u003cbr\u003eThis issue doesn\u0027t affect Junos OS Evolved.\u003cbr\u003e\u003cbr\u003eThere are no indicators of compromise for this issue.\u003cbr\u003e"
            }
          ],
          "value": "A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition.\n\nContinuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition.\n\n\nThis issue affects Junos OS:\n\n\n\n  *  from 23.1 before 23.2R2-S3,\n  *  from 23.4 before 23.4R2-S3,\n  *  from 24.2 before 24.2R2.\n\n\nThis issue isn\u0027t applicable to any versions of Junos OS before 23.1R1. \n\n\n\nThis issue doesn\u0027t affect vSRX Series which doesn\u0027t support DHCP Snooping. \n\nThis issue doesn\u0027t affect Junos OS Evolved.\n\nThere are no indicators of compromise for this issue."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/V:C/RE:M/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-805",
              "description": "CWE-805: Buffer Access with Incorrect Length Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-28T16:21:26.535Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA96448"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA96448",
        "defect": [
          "1827395"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-09T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Junos OS: An unauthenticated adjacent attacker sending a malformed DHCP packet causes jdhcpd to crash",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-21591",
    "datePublished": "2025-04-09T19:46:55.976Z",
    "dateReserved": "2024-12-26T14:47:11.667Z",
    "dateUpdated": "2025-04-28T16:21:26.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-21591\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2025-04-09T20:15:25.363\",\"lastModified\":\"2025-04-28T17:15:48.227\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition.\\n\\nContinuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition.\\n\\n\\nThis issue affects Junos OS:\\n\\n\\n\\n  *  from 23.1 before 23.2R2-S3,\\n  *  from 23.4 before 23.4R2-S3,\\n  *  from 24.2 before 24.2R2.\\n\\n\\nThis issue isn\u0027t applicable to any versions of Junos OS before 23.1R1. \\n\\n\\n\\nThis issue doesn\u0027t affect vSRX Series which doesn\u0027t support DHCP Snooping. \\n\\nThis issue doesn\u0027t affect Junos OS Evolved.\\n\\nThere are no indicators of compromise for this issue.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de acceso al b\u00fafer con valor de longitud incorrecto en el demonio jdhcpd de Juniper Networks Junos OS, cuando la vigilancia DHCP est\u00e1 habilitada, permite que un atacante adyacente no autenticado env\u00ede un paquete DHCP con una opci\u00f3n DHCP mal formada para provocar el bloqueo de jdhcp, creando una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La recepci\u00f3n continua de estos paquetes DHCP mediante la opci\u00f3n DHCP mal formada crear\u00e1 una condici\u00f3n de denegaci\u00f3n de servicio (DoS) sostenida. Este problema afecta a Junos OS: * de 23.1R1 a 23.2R2-S3, * de 23.4 a 23.4R2-S3, * de 24.2 a 24.2R2. Este problema no afecta a ninguna versi\u00f3n de Junos OS anterior a 23.1R1. Este problema no afecta a la serie vSRX, que no admite la vigilancia DHCP. Este problema no afecta a Junos OS Evolved. No hay indicadores de compromiso para este problema.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Green\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"YES\",\"Recovery\":\"USER\",\"valueDensity\":\"CONCENTRATED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"GREEN\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-805\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA96448\",\"source\":\"sirt@juniper.net\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-21591\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-10T13:17:33.869610Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-10T13:17:37.582Z\"}}], \"cna\": {\"title\": \"Junos OS: An unauthenticated adjacent attacker sending a malformed DHCP packet causes jdhcpd to crash\", \"source\": {\"defect\": [\"1827395\"], \"advisory\": \"JSA96448\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 7.1, \"Automatable\": \"YES\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"CONCENTRATED\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/V:C/RE:M/U:Green\", \"providerUrgency\": \"GREEN\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"modules\": [\"dhcp\"], \"product\": \"Junos OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"23.1\", \"lessThan\": \"23.2R2-S3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.4\", \"lessThan\": \"23.4R2-S3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.2\", \"lessThan\": \"24.2R2\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"23.1R1\"}], \"packageName\": \"jdhcpd\", \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"base64\": false}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-04-09T16:00:00.000Z\", \"value\": \"Initial Publication\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue: 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The following software releases have been updated to resolve this specific issue: 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2025-04-09T16:00:00.000Z\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA96448\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"There are no known workarounds for this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"There are no known workarounds for this issue.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition.\\n\\nContinuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition.\\n\\n\\nThis issue affects Junos OS:\\n\\n\\n\\n  *  from 23.1 before 23.2R2-S3,\\n  *  from 23.4 before 23.4R2-S3,\\n  *  from 24.2 before 24.2R2.\\n\\n\\nThis issue isn\u0027t applicable to any versions of Junos OS before 23.1R1. \\n\\n\\n\\nThis issue doesn\u0027t affect vSRX Series which doesn\u0027t support DHCP Snooping. \\n\\nThis issue doesn\u0027t affect Junos OS Evolved.\\n\\nThere are no indicators of compromise for this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eContinuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 23.1 before 23.2R2-S3,\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S3,\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2.\u003c/li\u003e\u003c/ul\u003eThis issue isn\u0027t applicable to any versions of Junos OS before 23.1R1. \u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003eThis issue doesn\u0027t affect vSRX Series which doesn\u0027t support DHCP Snooping. \u003cbr\u003e\u003cbr\u003eThis issue doesn\u0027t affect Junos OS Evolved.\u003cbr\u003e\u003cbr\u003eThere are no indicators of compromise for this issue.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-805\", \"description\": \"CWE-805: Buffer Access with Incorrect Length Value\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"The required minimal configuration is DHCP is configured with DHCP snooping enabled with\\u00a0the mine-dhcp-client-options and/or mine-dhcpv6-client-options.\\u00a0 [ vlans \u003cvlan-name\u003e forwarding-options dhcp-security mine-dhcp-client-options ]\\n\\u00a0 [ mine-dhcpv6-client-options ]\\n\\n\\nPlease note: It is atypical to use the above configuration with a DHCP server on the same device.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The required minimal configuration is DHCP is configured with DHCP snooping enabled with\u0026nbsp;\u003cspan style=\\\"background-color: var(--wht);\\\"\u003ethe mine-dhcp-client-options and/or mine-dhcpv6-client-options.\u003c/span\u003e\u003cp\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003e\u0026nbsp; [ vlans \u0026lt;vlan-name\u0026gt; forwarding-options dhcp-security \u003c/span\u003emine-dhcp-client-options ]\u003cbr\u003e\u0026nbsp; [ mine-dhcpv6-client-options ]\u003cbr\u003e\u003c/p\u003e\u003cp\u003ePlease note: It is atypical to use the above configuration with a DHCP server on the same device.\u003c/p\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2025-04-28T16:21:26.535Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-21591\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-28T16:21:26.535Z\", \"dateReserved\": \"2024-12-26T14:47:11.667Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2025-04-09T19:46:55.976Z\", \"assignerShortName\": \"juniper\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.